SQL injection vulnerability in the PDF schema generator functionality allows remote attackers to execute arbitrary SQL commands. This issue does not apply to the version in Debian 4.0 Etch.

Additionally, extra fortification has been added for the web based setup.phpscript. Although the shipped web server configuration should ensure thatthis script is protected, in practice this turned out not always to be thecase. The config.inc.php file is not writable anymore by the webserver useranymore. See README.Debian for details on how to enable the setup.phpscript if and when you need it.

For the old stable distribution (etch), these problems have been fixed inversion 2.9.1.1-13.

For the stable distribution (lenny), these problems have been fixed inversion 2.11.8.1-5+lenny3.

For the unstable distribution (sid), these problems have been fixed inversion 3.2.2.1-1.

We recommend that you upgrade your phpmyadmin package.

Upgrade instructions- --------------------

wget url will fetch the file for youdpkg -i file.deb will install the referenced file.

If you are using the apt-get package manager, use the line forsources.list as given below: